Access follows the workspace
Workspace membership is the operational access boundary. Users only access workspaces where they are members, while organization and role determine administrative actions.
Trust
Built for decisions that need to be explained.
Conspecta handles portfolio data, evaluations, insights, and actions as decision support. The platform is therefore built around clear access boundaries, server-side operations, and explainable methodology.
Sensitive writes go through the backend
Critical and authoritative changes, such as application creation, user administration, invites, and derived portfolio insights, are handled through server-side API routes.
Explainable before automated
Scoring, recommendations, maturity, and effect logic use structured rules and documented methodology. AI may assist with language and process work, but it is not the decision authority.
How the platform is structured
Conspecta separates identity, organization, workspace, portfolio data, and derived decision signals.
Identity
Secure sign-in and user identity
Sign-in and user identity are separated from portfolio data. The Conspecta user profile connects that identity to organization, role, and accessible workspaces.
Access
Workspace membership as boundary
Workspaces have dedicated membership documents used as the authoritative access boundary. User indexes support navigation, but they are not the only security barrier.
Data
Access rules and server contracts
Access rules constrain client access, while server routes validate identity, workspace access, and input before writing sensitive or derived data.
Decision
Deterministic signals
Portfolio insights, application evaluations, maturity, and effect status are calculated from structured data so recommendations can be traced back to the underlying basis.
Security principles
The security model is designed for organizations that need clear boundaries around portfolio data, user roles, and administrative operations.
Deny-by-default for sensitive collections
Sensitive and derived datasets are available only to authorized users and cannot be written directly from the client.
Server-side validation
API routes that write core objects verify user identity, check workspace access, and validate input before data is persisted.
Role model with clear boundaries
The MVP model separates platform owner, organization administrator, and workspace member. Normal invites should not assign platform-level access.
Environment separation
Development, test, and production environments are kept separate so changes can be verified before they reach production.
AI boundaries
Conspecta should not feel like a black box. AI is limited to support functions where users can read, review, and edit the output.
AI does not make portfolio decisions
AI is not the authority for scores, access, maturity, or economic effect. Those areas use structured inputs and deterministic logic.
Keys stay server-side
AI support runs through server-controlled endpoints. The browser should not call language models directly or expose API keys.
Workspace context is checked
AI routes that use workspace data should verify user identity and workspace membership before processing data.
Operations and maturity
Trust is built into both the product and the way the platform is developed, tested, and released.
Controlled development and release flow
Changes are developed and verified in separate environments before they move to production. This reduces the risk of test data, experiments, or unfinished work affecting users.
Documented access boundaries
Access rules, the data model, and core server contracts are documented alongside the product so security boundaries can be reviewed and improved over time.
Ongoing security work
Security and operations are treated as a continuous part of product development, with monitoring, resilience, and operational controls strengthened over time.
An honest trust model
Conspecta should be clear about how decision support, access, and AI assistance are handled. Trust is not only about technology; it is about explainable recommendations, bounded data access, and documented improvement.